I am trying to activate HTTPS for my domain name. Chrome recognizes the SSL certificate when i go to https://www.example.com, but I get the error and it says that my SSL is not trusted. What do I need to do to get my SSL certificate to be trusted?
Instead of using a self-signed certificate, get one from a certificate provider. I'd recommend you looking at LetsEncrypt because they have a good automated support for being able to renew certificates automatically.
Related
I'm using Lets Encrypt Certbot to generate ssl certificate btw if you notice my url already have https, I only generated it manually and that's not secured. Just want to know if my url is acceptable to have a ssl certificate.
You can get an SSL certificate for any website. You just have to verify ownership of your domain and once the certificate has been issued to you upload it to your website host.
I can't connect with my Tableau Server from Tableau Desktop because it shows me that error: SSL certificate is not valid. I'm searching for a solution, but I'm only reading how to change the certificate with another, beacause I do not have any other certificate.
My question goes before that: how can I get a certificate? where I can get it from?
This is the guide from Tableau I use whenever I need to setup SSL for my servers. It includes obtaining an SSL Certificate from a certificate authority Steps for SSL Cert
To configure Tableau Server to use SSL, you must have an SSL certificate. To obtain the SSL certificate, complete the steps:
Set the OpenSSL configuration environment variable (optional)
Generate a key file
Create a Certificate Signing Request (CSR)
Send the CSR to a certificate authority (CA) to obtain an SSL certificate
Use the key and certificate to configure Tableau Server to use SSL
I've been using an online SSL checker to check certificate validity for several sites.
One thing I noticed is that many websites have wildcard certificates - especially those hosted on common web hosting sites, such as goDaddy: *.onlinestore.godaddy.com
But those sites have custom domains and so when validating the SSL cert I can see an error where the hostname does not match the altnames listed in the certificate.
But all major browsers (tested chrome, FF, IE and Safari) still show the site as secure. Do the browsers not care that the domain names are not listed in the cert, and isn't that a security vulnerability?
Example: https://www.sslshopper.com/ssl-checker.html#hostname=www.cinnamonmotif.com
In case a wildcard certificate is installed on a domain, the browser only check the certificate validity and wildcard rule. As long as this rule is true the certificate id trusted and no warning appears.
If you look at the certificate that the browser resolved you'll see that it's different than sslshopper.com resolved.
When you go in a modern browser the client sends the TLS Server Name Indication extension, and the site notices that it's supposed to serve up the cinnamonmotif.com certificate.
SslShopper saw *.onlinestore.godaddy.com, which is certificate 0x6068c7475ab4ee2a from Go Daddy Secure Certificate Authority - G2.
With SNI the served up certificate is cinnamonmotif.com, certificate 0x3e0240d9425e8120 from Go Daddy Secure Certificate Authority - G2.
The fact that the browser saw a different certificate, which is a hostname match, is why the browser says it's a legitimate connection.
I created a Let's Encrypt certificate using SSLforFREE. It works great in the browser, but generates an "unknown certificate" error when used with an Alexa skill. Manually uploading the certificate to the Alexa service works, but it will not work as a "trusted" certificate.
Has anyone successfully used one of these as a "trusted" certificate with Alexa?
Oh, here's what you can do:
Download the contents of your fullchain.pem cert, from /etc/letsencrypt/live/<domain>/fullchain.pem on your server
On your skill config page, select the "SSL" Tab.
Mark "I will upload a self-signed certificate in X.509 format."
Paste the contents of your fullchain.pem file.
It worked for me. Not sure if chain or cert would be enough.
Dont use sslforfree. Use Letsencrypt fullchain certificates directly
Though certificates from https://www.sslforfree.com/ utilizes letsencrypt certificate chain, amazon finds an issue while tracing to a trusted certificate authority.
This is another discussion on missing certificate chains.
The solution that will work is, Use LetsEncrypt certificates directly with chained certificates to a trusted CA certificate.
For this, use certbot in order to generate LetsEncrypt certificate on your Server and follow the steps in #aldrinleal answer.
I have installed SSL Certificate manually that I had brought from Godadday. It installed successfully but it shows self signed certificate which is not trusted or displays cross on https.
What is the solution ?
It is showing because it does not recognized the certificate that you get from Godaddy.
The CSR certificate has to upload on your site and make changes on apache config file.
Make sure your CSR file should not match with the private key that you submitted to verify your site.
Installing a SSL certificate requires some server administration knowhow, especially updating web server configuration.
DigitalOcean has a great tutorial on how to install a SSL certificate from GoDaddy: https://www.digitalocean.com/community/tutorials/how-to-install-an-ssl-certificate-from-a-commercial-certificate-authority#example-ca-2-godaddy
Maybe it helps.
To check if you installed it correctly, you can use Qualys SSL Server Test at https://www.ssllabs.com/ssltest/index.html